RE: Backdoor.IRC.Flood.E & Backdoor.Dvldr

Try this:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DELODER.A

Javier Otero
Grupo Smartekh
Antivirus Expertos
Bussiness Continuity
Inftegrity
5243-4782 al 84 Ext.300
México, D.F.

-----Mensaje original-----

De: Curt Snow [mailto:csnow@westerlyhospital.org] Enviado el: Miércoles, 04 de Junio de 2003 08:54 a.m. Para: focus-virus@securityfocus.com; mfossi@securityfocus.com Asunto: Backdoor.IRC.Flood.E & Backdoor.Dvldr

I have a user who has been "infected" with the above two Trojans. They have both been a real hassle to try to remove from her machine. I spent close to an hour a couple nights ago cleaning up the Backdoor.IRC.Flood.E Trojan, deleting any and all references to it in the file system and the registry, only to have it reappear again this morning.

The Backdoor.Dvldr Trojan evades even being seen on the machine in the file system or in the registry, yet Norton continues to detect it.

I have followed all instructions on the Symantec web site for cleaning these up, but to no avail.

My biggest question at this point is "where do these Trojans get in... what is the method of infection? And of course how can I eradicate these things without resorting to a complete format and rebuild?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Any and all help would be appreciated.